mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

addressed review comments p1

Browse Source
This commit is contained in:
Hideki Miyazaki 2021-04-21 13:18:38 +09:00
parent 9de3fab74c
commit 4063e33b02
No known key found for this signature in database
GPG Key ID: 7EB19ED9B9D5AC28
4 changed files with 94 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
src/ssl.c
View File

@ -14697,25 +14697,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
wc_psk_use_session_cb_func cb)
{
byte haveRSA = 1;
int keySz = 0;
WOLFSSL_ENTER("wolfSSL_set_psk_use_session_callback");
ssl->options.havePSK = 1;
ssl->options.session_psk_cb = cb;
#ifdef NO_RSA
haveRSA = 0;
#endif
#ifndef NO_CERTS
keySz = ssl->buffers.keySz;
#endif
InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
ssl->options.haveDH, ssl->options.haveNTRU,
ssl->options.haveECDSAsig, ssl->options.haveECC,
ssl->options.haveStaticECC, ssl->options.haveAnon,
ssl->options.side);
WOLFSSL_LEAVE("wolfSSL_set_psk_use_session_callback", WOLFSSL_SUCCESS);
}
#endif
@ -22383,18 +22370,19 @@ word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher)
const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value)
{
WOLFSSL_CIPHER* cipher = NULL;
const WOLFSSL_CIPHER* cipher = NULL;
byte cipherSuite0, cipherSuite;
WOLFSSL_ENTER("SSL_get_cipher_by_value");
cipher = (WOLFSSL_CIPHER*)XMALLOC(sizeof(WOLFSSL_CIPHER), NULL,
DYNAMIC_TYPE_OPENSSL);
if (cipher != NULL) {
/* extract cipher id information */
cipher->cipherSuite = (value & 0xFF);
cipher->cipherSuite0 = ((value >> 8) & 0xFF);
}
/* extract cipher id information */
cipherSuite = (value & 0xFF);
cipherSuite0 = ((value >> 8) & 0xFF);
return (const WOLFSSL_CIPHER*)cipher;
/* TODO: lookup by cipherSuite0 / cipherSuite */
(void)cipherSuite0;
(void)cipherSuite;
return cipher;
}

58
src/tls13.c
View File

@ -2618,28 +2618,28 @@ static const WOLFSSL_EVP_MD* ssl_handshake_md(const byte mac_alg)
{
switch(mac_alg) {
case no_mac:
#ifndef NO_MD5
#ifndef NO_MD5
case md5_mac:
return wolfSSL_EVP_md5();
#endif
#ifndef NO_SHA
#endif
#ifndef NO_SHA
case sha_mac:
return wolfSSL_EVP_sha1();
#endif
#ifdef WOLFSSL_SHA224
#endif
#ifdef WOLFSSL_SHA224
case sha224_mac:
return wolfSSL_EVP_sha224();
#endif
#endif
case sha256_mac:
return wolfSSL_EVP_sha256();
#ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SHA384
case sha384_mac:
return wolfSSL_EVP_sha384();
#endif
#ifdef WOLFSSL_SHA512
#endif
#ifdef WOLFSSL_SHA512
case sha512_mac:
return wolfSSL_EVP_sha512();
#endif
#endif
case rmd_mac:
case blake2b_mac:
WOLFSSL_MSG("no suitable EVP_MD");
@ -2696,30 +2696,31 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
byte cipherSuite0 = TLS13_BYTE, cipherSuite = WOLFSSL_DEF_PSK_CIPHER;
int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE;
#ifdef OPENSSL_EXTRA
#ifdef OPENSSL_EXTRA
const unsigned char* id = NULL;
size_t idlen = 0;
WOLFSSL_SESSION* psksession = NULL;
const WOLFSSL_EVP_MD* handshake_md = NULL;
if (ssl->msgsReceived.got_hello_retry_request >= 1) {
handshake_md = ssl_handshake_md(ssl->specs.mac_algorithm);
if (ssl->options.session_psk_cb != NULL) {
if (ssl->msgsReceived.got_hello_retry_request >= 1) {
handshake_md = ssl_handshake_md(ssl->specs.mac_algorithm);
}
/* Get the pre-shared key. */
if (!ssl->options.session_psk_cb(ssl, handshake_md,
&id, &idlen, &psksession)) {
wolfSSL_SESSION_free(psksession);
WOLFSSL_MSG("psk session callback failed");
return PSK_KEY_ERROR;
}
}
/* Get the pre-shared key. */
if (ssl->options.session_psk_cb != NULL &&
(!ssl->options.session_psk_cb(ssl, handshake_md,
&id, &idlen, &psksession))) {
wolfSSL_SESSION_free(psksession);
WOLFSSL_MSG("psk session callback failed");
return PSK_KEY_ERROR;
}
if (psksession == NULL &&
#else
#else
/* Get the pre-shared key. */
if (
#endif
#endif
ssl->options.client_psk_tls13_cb != NULL) {
ssl->arrays->psk_keySz = ssl->options.client_psk_tls13_cb(ssl,
(char *)psk->identity, ssl->arrays->client_identity,
@ -2731,7 +2732,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
}
}
else {
#ifdef OPENSSL_EXTRA
#ifdef OPENSSL_EXTRA
if (psksession != NULL) {
if (idlen > MAX_PSK_KEY_LEN) {
WOLFSSL_MSG("psk key length is too long");
@ -2744,8 +2745,9 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk)
cipherSuite = psksession->cipherSuite;
/* no need anymore */
wolfSSL_SESSION_free(psksession);
} else
#endif
}
else
#endif
ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
(char *)psk->identity, ssl->arrays->client_identity,
MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);

7
wolfssl/ssl.h
View File

@ -2162,10 +2162,9 @@ enum { /* ssl Constants */
WOLFSSL_API void wolfSSL_set_psk_client_callback(WOLFSSL*,
wc_psk_client_callback);
#ifdef OPENSSL_EXTRA
typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl, const WOLFSSL_EVP_MD* md,
const unsigned char **id,
size_t* idlen,
WOLFSSL_SESSION **sess);
typedef int (*wc_psk_use_session_cb_func)(WOLFSSL* ssl,
const WOLFSSL_EVP_MD* md, const unsigned char **id,
size_t* idlen, WOLFSSL_SESSION **sess);
WOLFSSL_API void wolfSSL_set_psk_use_session_callback(WOLFSSL* ssl,
wc_psk_use_session_cb_func cb);
#endif

66
wolfssl/test.h
View File

@ -1515,19 +1515,24 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
return 32; /* length of key in octets or 0 for error */
}
#if defined(OPENSSL_EXTRA)
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
static unsigned char local_psk[32];
#endif
static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
const WOLFSSL_EVP_MD* md, const unsigned char **id,
size_t* idlen, WOLFSSL_SESSION **sess)
{
#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM)
int i;
int b = 0x01;
WOLFSSL_SESSION* lsess;
/* TLS13_BYTE 0x13 */
/* TLS_AES_128_GCM_SHA256 0x01 */
word16 cipher_id = (0x13<<8) | 0x01;
char buf[256];
const char* cipher_id = "TLS13-AES128-GCM-SHA256";
const SSL_CIPHER* cipher = NULL;
STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
int numCiphers = 0;
(void)ssl;
(void)md;
@ -1537,23 +1542,50 @@ static WC_INLINE int my_psk_use_session_cb(WOLFSSL* ssl,
if (lsess == NULL) {
return 0;
}
cipher = SSL_get_cipher_by_value(cipher_id);
SSL_SESSION_set_cipher(lsess, cipher);
for (i = 0; i < 32; i++, b += 0x22) {
if (b >= 0x100)
b = 0x01;
local_psk[i] = b;
supportedCiphers = SSL_get_ciphers(ssl);
numCiphers = sk_num(supportedCiphers);
for (i = 0; i < numCiphers; ++i) {
if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
SSL_CIPHER_description(cipher, buf, sizeof(buf));
}
if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) {
break;
}
}
*id = local_psk;
*idlen = 32;
*sess = lsess;
if (i != numCiphers) {
SSL_SESSION_set_cipher(lsess, cipher);
for (i = 0; i < 32; i++, b += 0x22) {
if (b >= 0x100)
b = 0x01;
local_psk[i] = b;
}
*id = local_psk;
*idlen = 32;
*sess = lsess;
return 1;
}
else {
*id = NULL;
*idlen = 0;
*sess = NULL;
return 0;
}
#else
(void)ssl;
(void)md;
(void)id;
(void)idlen;
(void)sess;
return 1;
}
return 0;
#endif
}
#endif /* !NO_PSK */